d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b

General

Target

d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
Size

1.4MB
MD5

b3fdf470658586ffe5b015f88ed4dc75
SHA1

c69862eb7645c8680c0c6763ceef243df5bc95e6
SHA256

d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b
SHA512

46e8cb6b125bdeac5ee6c950fee68090a34eea0f56f9e61c0d3120c957d90d826f2a3df7946f13824b29f4c352d88a00c94e45fc9452d7b1a9b725e527d8a4fa
SSDEEP

24576:Jk70Trc/gkCNYNBsIfkUpEONJ5XBKcHE6grYO5/ovgTfAMBmNEReYW9DD8OxGFK7:JkQTAeSYMxNH5s5AsPfIBDD8OwFPQ

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/1868-54-0x0000000000400000-0x0000000000573000-memory.dmp	vmprotect
behavioral1/memory/1868-55-0x0000000000400000-0x0000000000573000-memory.dmp	vmprotect
behavioral1/memory/1868-61-0x0000000000400000-0x0000000000573000-memory.dmp	vmprotect
behavioral1/memory/1868-63-0x0000000000400000-0x0000000000573000-memory.dmp	vmprotect

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376428400"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb800000000020000000000106600000001000020000000727a16ac6d804f3b9f315fd0124102c92425f200207c8b81799f088ff8bdd287000000000e8000000002000020000000f4f008cacfcf8fde0e7f4a8f7d77b1e28b3549bef888c90d73b540a8da86afbc900000008fcbf9ef5455b9a68b728c2f51cb2229de396a92ab8b86b97e500505d1e2df227bc2dc1f9284080707983057675b66e32e2be11513e70d09292775949f1992db5a4b0806b63c43d1d5ce0806034b5860249391301c2910d8cb4d9fd80d8f6b63ea54710e9221cd5605394fc22e5db7b98a055f29c3558ed6c0c220811905ded58bba40053811b2cd49837494d116354a4000000023436d84f00ce6194d7ab23af8de7abe157893f427d0907a4d25f99ba591d64ba1109885f0aed5624930e067e93e7b11c8022b8bdc91b7a258f6fcc6f0867315	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40a9c60d5f03d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F3A28A1-6F52-11ED-A1D9-72598884447E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb80000000002000000000010660000000100002000000038c58267e77b8b2c952b9b9e4b595b895e0a27c8ef6fa8afb5f009c28132a442000000000e800000000200002000000090b88493b7ef96c1b20ec28344f2db3d2ec6ed13f0f425e62b70b6a409c54cd52000000091184897744b1bbdf5ecb1aa116f6df30f2a3f640ea01aa8bdd63dde4e8d8db3400000008f581d096e1ba57b4935af80aec639e73ffaaf162c53e48bb4f2a1cb8d8a122e243b14fd833f133888df23e07847ff799ce98828f7005948f2993fece6a6df92	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

Processes:

d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe

pid	process
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe

description pid process

Token: SeDebugPrivilege 1868 d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1808 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid process

1808 iexplore.exe
1808 iexplore.exe
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE
1940 IEXPLORE.EXE
1892 IEXPLORE.EXE
1892 IEXPLORE.EXE

description	pid	process
Token: SeDebugPrivilege	1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe

pid	process
1808	iexplore.exe

pid	process
1808	iexplore.exe
1808	iexplore.exe
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1940	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exeiexplore.exe

description	pid	process	target process
PID 1868 wrote to memory of 1808	1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe	iexplore.exe
PID 1868 wrote to memory of 1808	1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe	iexplore.exe
PID 1868 wrote to memory of 1808	1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe	iexplore.exe
PID 1868 wrote to memory of 1808	1868	d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe	iexplore.exe
PID 1808 wrote to memory of 1940	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1940	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1940	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1940	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1892	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1892	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1892	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1892	1808	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe
"C:\Users\Admin\AppData\Local\Temp\d7fb6d405ddfacfc1684ba6a3ccbc2070e17a7973e3782a11abecbc02f259f6b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1868

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://зябука.рф/
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1808

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:5518337 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
72d82281c370f3c66cf0d9e6fe2b1e60

SHA1
4140ca3eb56e7cddcd804d5fd2221c722afdee19

SHA256
24f66b8a19fb1a60168145a6d8a31cd462f3368263d1011752d3617b17080ec8

SHA512
c985e1b40e567f7f22c1635bf257d39c072dc6c8325bd428d0922ec0c7052eb2bf24f8de0fac12d0efc354a8d2c8817e405c10c20eed6b66df0d40b03ce12a73

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5ZIPFCFM.txt
Filesize
601B

MD5
8b1b30f41959c54787a35629bfc1e467

SHA1
d1af2a707a3533299079f5bc16bf0f8f669e51e9

SHA256
d37946b1ac9dfa6567549ffd6ce07aeccde0adaf7731011577fc1af37f7b817e

SHA512
19d5870bc904392cc1af278b32d5b1759e025cc808a2d5e8784e9d07e7ba9a74efe33beec83d4891cdb67a549cd008d002ef0cd4c96767e897c71316e163a430

Download Submit
memory/1868-60-0x00000000053FA000-0x000000000540B000-memory.dmp

Filesize
68KB

Download
memory/1868-57-0x0000000005430000-0x00000000054C8000-memory.dmp

Filesize
608KB

Download
memory/1868-58-0x0000000075E01000-0x0000000075E03000-memory.dmp

Filesize
8KB

Download
memory/1868-59-0x0000000005A10000-0x0000000005A48000-memory.dmp

Filesize
224KB

Download
memory/1868-54-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/1868-61-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/1868-62-0x00000000053FA000-0x000000000540B000-memory.dmp

Filesize
68KB

Download
memory/1868-63-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/1868-64-0x00000000053FA000-0x000000000540B000-memory.dmp

Filesize
68KB

Download
memory/1868-56-0x00000000054D0000-0x0000000005568000-memory.dmp

Filesize
608KB

Download
memory/1868-55-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads